Electronic Commerce (e-commerce) is growing at an incredible rate. With the ever expanding popularity of electronic networks such as the Internet, companies and individuals are seeking ways to efficiently use such networks as a medium for conducting business. While e-commerce is steadily growing in popularity, a potential impediment to realizing Electronic Commerce's full potential resides in a perception that financial information which is required to perform a transaction, such as credit card account data and debit card personal identification numbers and the like, is subject to interception and misuse by unauthorized third parties when transmitted over an open network such as the Internet.
In general, to process payment information over a network, a personal identification number (“PIN”) can be used to verify that the sender of payment information is the person or entity authorized to use the payment information. For example, if a customer is using a debit card or other electronic account access to purchase goods and services on the Internet, the payment information can include a PIN which will be checked by the debit card issuer's processing center. If the PIN is valid, the transaction will proceed pending other verifications. If the PIN is invalid, the customer will be asked to retransmit the payment information with the correct PIN. If the correct PIN is not entered after a predetermined number of times, the transaction will be denied. While using a credit card over a network currently does not typically involve the use of a PIN, the verification technique of a PIN could be used with credit cards or electronic cash cards.
Additional information regarding the secure use of PINs in Electronic Commerce can be found in U.S. patent application entitled “Asymmetric Encrypted PIN,” Ser. No. 09/321,977, filed on May 28, 1999, which is hereby incorporated by reference.
In some cases, the Electronic-Commerce PIN (i.e., the PIN used to purchase goods and services over a network) can be identical, or similar, to the customer's automatic teller machine (“ATM”) PIN. However, Electronic Commerce is sometimes transacted over networks which are less secure than ATMs, and because the ATM PIN prevents the unauthorized use of the card or account information in the case of a lost or stolen card, ATM PIN information must be treated very securely. Accordingly, for non-ATM transactions such as those related to Electronic Commerce, it is desirable to avoid using the ATM PIN, especially if the non-ATM transactions are being performed within an environment or machine which is less secure than an ATM.